The Experts below are selected from a list of 159 Experts worldwide ranked by ideXlab platform
Sergey Fedorov - One of the best experts on this subject based on the ideXlab platform.
-
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud Applications. However, cloud deployments depend on the ability of the cloud operator to add and remove Application dynamically; this is no longer possible given the current model to deploy and provision enclaves that actively involves the Application Owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by approximately 800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
-
EuroS&P - ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud Applications. However, cloud deployments depend on the ability of the cloud operator to add and remove Application dynamically; this is no longer possible given the current model to deploy and provision enclaves that actively involves the Application Owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by approximately 800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
-
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
arXiv: Cryptography and Security, 2018Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). Although the integration of SGX within the cloud considerably strengthens the threat model for cloud Applications, the current model to deploy and provision enclaves prevents the cloud operator from adding or removing enclaves dynamically - thus preventing elasticity for TEE-based Applications in the cloud. In this paper, we propose ReplicaTEE, a solution that enables seamless provisioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning layer that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning layer; the latter handles all enclave commissioning and de-commissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by ~800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
Claudio Soriente - One of the best experts on this subject based on the ideXlab platform.
-
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud Applications. However, cloud deployments depend on the ability of the cloud operator to add and remove Application dynamically; this is no longer possible given the current model to deploy and provision enclaves that actively involves the Application Owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by approximately 800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
-
EuroS&P - ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud Applications. However, cloud deployments depend on the ability of the cloud operator to add and remove Application dynamically; this is no longer possible given the current model to deploy and provision enclaves that actively involves the Application Owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by approximately 800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
-
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
arXiv: Cryptography and Security, 2018Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). Although the integration of SGX within the cloud considerably strengthens the threat model for cloud Applications, the current model to deploy and provision enclaves prevents the cloud operator from adding or removing enclaves dynamically - thus preventing elasticity for TEE-based Applications in the cloud. In this paper, we propose ReplicaTEE, a solution that enables seamless provisioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning layer that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning layer; the latter handles all enclave commissioning and de-commissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by ~800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
Rami Bahsoon - One of the best experts on this subject based on the ideXlab platform.
-
SASO - A Multi-Agent Elasticity Management Based on Multi-Tenant Debt Exchanges
2018 IEEE 12th International Conference on Self-Adaptive and Self-Organizing Systems (SASO), 2018Co-Authors: Carlos Mera-gómez, Rami Bahsoon, Francisco Ramírez, Rajkumar BuyyaAbstract:A multi-tenant Software as a Service (SaaS) Application is a highly configurable software that allows its Owner to serve multiple tenants, each with their own workflows, workloads and Service Level Objectives (SLOs). Tenants are usually organizations that serve several users and the Application appears to be a different one for each tenant. However, in practice, multi-tenant SaaS Applications limit the diversity of tenants by clustering them in a few categories (e.g. premium, standard) with predefined SLOs. Additionally, this coarse-grained clustering reduces the advantage of these multi-tenant ecosystems over single tenant architectures to share dynamically virtual resources between tenants based on their own workload profile and elasticity adaptation decisions. To address this limitation, we propose a multi-agent elasticity management where each tenant is represented by a reinforcement learning agent that performs elasticity adaptations based on a new technical debt perspective, and make use of debt attributes (i.e. amnesty, interest) to form autonomous coalitions that minimise the effect of the unavoidable imperfections in any elasticity management approach. We extended CloudSim and Burlap to evaluate our approach. The simulation results indicate that our debt-aware multi-agent elasticity management preserves the diversity of tenants and reduces SLO violations without affecting the aggregate utility of the Application Owner.
-
A Multi-Agent Elasticity Management Based on Multi-Tenant Debt Exchanges
2018 IEEE 12th International Conference on Self-Adaptive and Self-Organizing Systems (SASO), 2018Co-Authors: Carlos Mera-gómez, Rami Bahsoon, Francisco Ramírez, Rajkumar BuyyaAbstract:A multi-tenant Software as a Service (SaaS) Application is a highly configurable software that allows its Owner to serve multiple tenants, each with their own workflows, workloads and Service Level Objectives (SLOs). Tenants are usually organizations that serve several users and the Application appears to be a different one for each tenant. However, in practice, multi-tenant SaaS Applications limit the diversity of tenants by clustering them in a few categories (e.g. premium, standard) with predefined SLOs. Additionally, this coarse-grained clustering reduces the advantage of these multi-tenant ecosystems over single tenant architectures to share dynamically virtual resources between tenants based on their own workload profile and elasticity adaptation decisions. To address this limitation, we propose a multi-agent elasticity management where each tenant is represented by a reinforcement learning agent that performs elasticity adaptations based on a new technical debt perspective, and make use of debt attributes (i.e. amnesty, interest) to form autonomous coalitions that minimise the effect of the unavoidable imperfections in any elasticity management approach. We extended CloudSim and Burlap to evaluate our approach. The simulation results indicate that our debt-aware multi-agent elasticity management preserves the diversity of tenants and reduces SLO violations without affecting the aggregate utility of the Application Owner.
-
Performance Modelling and Verification of Cloud-Based Auto-Scaling Policies
2017 17th IEEE ACM International Symposium on Cluster Cloud and Grid Computing (CCGRID), 2017Co-Authors: Alexandros Evangelidis, David Parker, Rami BahsoonAbstract:Auto-scaling, a key property of cloud computing, allows Application Owners to acquire and release resources on demand. However, the shared environment, along with the exponentially large configuration space of available parameters, makes configuration of auto-scaling policies a challenging task. In particular, it is difficult to quantify, a priori, the impact of a policy on Quality of Service (QoS) provision. To address this problem, we propose a novel approach based on performance modelling and formal verification to produce performance guarantees on particular rule-based auto-scaling policies. We demonstrate the usefulness and efficiency of our model through a detailed validation process on the Amazon EC2 cloud, using two types of load patterns. Our experimental results show that it can be very effective in helping a cloud Application Owner configure an auto-scaling policy in order to minimise the QoS violations.
-
CCGrid - Performance Modelling and Verification of Cloud-based Auto-Scaling Policies
2017 17th IEEE ACM International Symposium on Cluster Cloud and Grid Computing (CCGRID), 2017Co-Authors: Alexandros Evangelidis, David Parker, Rami BahsoonAbstract:Auto-scaling, a key property of cloud computing, allows Application Owners to acquire and release resources on demand. However, the shared environment, along with the exponentially large configuration space of available parameters, makes configuration of auto-scaling policies a challenging task. In particular, it is difficult to quantify, a priori, the impact of a policy on Quality of Service (QoS) provision. To address this problem, we propose a novel approach based on performance modelling and formal verification to produce performance guarantees on particular rule-based auto-scaling policies. We demonstrate the usefulness and efficiency of our model through a detailed validation process on the Amazon EC2 cloud, using two types of load patterns. Our experimental results show that it can be very effective in helping a cloud Application Owner configure an auto-scaling policy in order to minimise the QoS violations.
Rajkumar Buyya - One of the best experts on this subject based on the ideXlab platform.
-
SASO - A Multi-Agent Elasticity Management Based on Multi-Tenant Debt Exchanges
2018 IEEE 12th International Conference on Self-Adaptive and Self-Organizing Systems (SASO), 2018Co-Authors: Carlos Mera-gómez, Rami Bahsoon, Francisco Ramírez, Rajkumar BuyyaAbstract:A multi-tenant Software as a Service (SaaS) Application is a highly configurable software that allows its Owner to serve multiple tenants, each with their own workflows, workloads and Service Level Objectives (SLOs). Tenants are usually organizations that serve several users and the Application appears to be a different one for each tenant. However, in practice, multi-tenant SaaS Applications limit the diversity of tenants by clustering them in a few categories (e.g. premium, standard) with predefined SLOs. Additionally, this coarse-grained clustering reduces the advantage of these multi-tenant ecosystems over single tenant architectures to share dynamically virtual resources between tenants based on their own workload profile and elasticity adaptation decisions. To address this limitation, we propose a multi-agent elasticity management where each tenant is represented by a reinforcement learning agent that performs elasticity adaptations based on a new technical debt perspective, and make use of debt attributes (i.e. amnesty, interest) to form autonomous coalitions that minimise the effect of the unavoidable imperfections in any elasticity management approach. We extended CloudSim and Burlap to evaluate our approach. The simulation results indicate that our debt-aware multi-agent elasticity management preserves the diversity of tenants and reduces SLO violations without affecting the aggregate utility of the Application Owner.
-
A Multi-Agent Elasticity Management Based on Multi-Tenant Debt Exchanges
2018 IEEE 12th International Conference on Self-Adaptive and Self-Organizing Systems (SASO), 2018Co-Authors: Carlos Mera-gómez, Rami Bahsoon, Francisco Ramírez, Rajkumar BuyyaAbstract:A multi-tenant Software as a Service (SaaS) Application is a highly configurable software that allows its Owner to serve multiple tenants, each with their own workflows, workloads and Service Level Objectives (SLOs). Tenants are usually organizations that serve several users and the Application appears to be a different one for each tenant. However, in practice, multi-tenant SaaS Applications limit the diversity of tenants by clustering them in a few categories (e.g. premium, standard) with predefined SLOs. Additionally, this coarse-grained clustering reduces the advantage of these multi-tenant ecosystems over single tenant architectures to share dynamically virtual resources between tenants based on their own workload profile and elasticity adaptation decisions. To address this limitation, we propose a multi-agent elasticity management where each tenant is represented by a reinforcement learning agent that performs elasticity adaptations based on a new technical debt perspective, and make use of debt attributes (i.e. amnesty, interest) to form autonomous coalitions that minimise the effect of the unavoidable imperfections in any elasticity management approach. We extended CloudSim and Burlap to evaluate our approach. The simulation results indicate that our debt-aware multi-agent elasticity management preserves the diversity of tenants and reduces SLO violations without affecting the aggregate utility of the Application Owner.
Wenting Li - One of the best experts on this subject based on the ideXlab platform.
-
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud Applications. However, cloud deployments depend on the ability of the cloud operator to add and remove Application dynamically; this is no longer possible given the current model to deploy and provision enclaves that actively involves the Application Owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by approximately 800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
-
EuroS&P - ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
2019 IEEE European Symposium on Security and Privacy (EuroS&P), 2019Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). The integration of SGX within the cloud considerably strengthens the threat model for cloud Applications. However, cloud deployments depend on the ability of the cloud operator to add and remove Application dynamically; this is no longer possible given the current model to deploy and provision enclaves that actively involves the Application Owner. In this paper, we propose ReplicaTEE, a solution that enables seamless commissioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning service that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning service; the latter handles all enclave commissioning and decommissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by approximately 800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
-
ReplicaTEE: Enabling Seamless Replication of SGX Enclaves in the Cloud
arXiv: Cryptography and Security, 2018Co-Authors: Claudio Soriente, Ghassan Karame, Wenting Li, Sergey FedorovAbstract:With the proliferation of Trusted Execution Environments (TEEs) such as Intel SGX, a number of cloud providers will soon introduce TEE capabilities within their offering (e.g., Microsoft Azure). Although the integration of SGX within the cloud considerably strengthens the threat model for cloud Applications, the current model to deploy and provision enclaves prevents the cloud operator from adding or removing enclaves dynamically - thus preventing elasticity for TEE-based Applications in the cloud. In this paper, we propose ReplicaTEE, a solution that enables seamless provisioning and decommissioning of TEE-based Applications in the cloud. ReplicaTEE leverages an SGX-based provisioning layer that interfaces with a Byzantine Fault-Tolerant storage service to securely orchestrate enclave replication in the cloud, without the active intervention of the Application Owner. Namely, in ReplicaTEE, the Application Owner entrusts Application secret to the provisioning layer; the latter handles all enclave commissioning and de-commissioning operations throughout the Application lifetime. We analyze the security of ReplicaTEE and show that it is secure against attacks by a powerful adversary that can compromise a large fraction of the cloud infrastructure. We implement a prototype of ReplicaTEE in a realistic cloud environment and evaluate its performance. ReplicaTEE moderately increments the TCB by ~800 LoC. Our evaluation shows that ReplicaTEE does not add significant overhead to existing SGX-based Applications.
